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DETAILED ACTION 

• Applicant's submission for RCE filed on 9/23/2009 has been entered. Applicant 
has amended claims 1, 2, 6, 7, 10-12, 14, 17-19, 21-23, 33 and 34; canceled 
claims 9 and 20; and added claims 35-39. Currently claims 1 , 2, 6-8, 1 0-1 2, 1 4, 
17-19, 21-27, and 29-39 are pending in this application. 



Response to Arguments 

1 . Applicant's arguments with respect to claims 1,12,17 and 23 have been 
considered but are moot in view of the new ground(s) of rejection. 



Claim Objections 

2. Claims 1 and 23 are objected to because of the following informalities: 

• Claim 1 , line 1 , "automating the generation", should read, "automating 
generation". 

• Claim 1, line 2, "the execution", should read, "an execution". 

• Claim 1, line 8, "the manifest", should read, "the vendor-provided manifest". 

• Claim 1, line 13, "into the manifest", should read, "into the vendor-provided 
manifest". 

• Column 23, line 1 , "A system comprising a processor for generating a 
manifest, the system comprising", should read, "A system comprising a 
processor for generating a manifest, the system further comprising". 
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Examiner suggests reviewing of other independent claims and dependent claims 
for lack of antecedent basis of all the claim language. Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1 . 2, 6-8. 1 0, 31 -32, and 35 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over England et al. (US 6,330,670 B1 ), hereinafter, "England" in view of in 
view of Jensenworth et al. (US 6,279,1 1 1 ), "Jensenworth", Lao et al. (US 2003/0220880 
A1 ), hereinafter, "Lao", and further in view of Challener (US 6,704,868 B1 ), "Challener". 

Regarding Claim 1, England discloses a method of automating the 

generating a vendor-provided manifest that governs the execution of a software 
object distributed by the vendor, the method comprising: 

accessing manifest (see, Fig. 2, Numeral 222 + Numeral 223, and also see, 
Column 10, lines 14-25), comprising one or more rules imposed by the vendor for 
ensuring integrity of an address space that is used in a computer for executing the 
software object (see, Column 10, lines 14-25 and Column 19, lines 45-53), the one or 
more rules incorporating a list of acceptable modules (see, Column 10, lines 14-25) 
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wherein acceptable modules may be executed in the address space of the computer 
and the unacceptable modules are unconditionally barred from being executed in the 
address space of the computer (see abstract). 

England discloses that the manifest comprises the list of acceptable modules but 
does not explicitly disclose the list of unacceptable modules to be included in the 
license. 

However, Jensenworth discloses a manifest comprising the list of unacceptable 
modules (see, Column 5, lines 50-67 and Column 12, lines 1-9). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to include, in the license of England, a list of unacceptable 
modules so that the access to the content of England can be barred explicitly from 
these unacceptable modules. 

England discloses a manifest but does not explicitly discloses creating a manifest 
configuration file (MCF) that provides a description of requirements to be embodied in 
the vendor-provided manifest, the description including an identity of a key file that 
contains a cryptographic key, wherein providing said identity of the key file eliminates 
the need to manually insert cryptographic key data into the manifest; parsing the MCF 
to create a generic representation containing substance specified in the MCE; and 
providing the generic representation to a manifest generation tool that reads the generic 
representation, retrieves said cryptographic key to obtain cryptographic key data for 
insertion into the manifest, and generates the vendor-provided manifest in an extensible 
Right Markup Language (XRML) format based on the requirements. 
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Lao discloses creating a manifest configuration file (MCF) that provides a 
description of requirements to be embodied in the vendor- provided manifest (see, Fig. 
19, Numeral 1901, "Rights information" and Paragraph 0158-0159, author accessing 
license generation and interpretation service 190 to specify the rights information. Note 
that the user specify the rights using a GUI which are later converted into an unsigned 
rights expression) parsing the MCF to create a generic representation containing 
substance specified in the MCE (See, Fig. 19, Numeral 1903, "Rights Expression" and 
Paragraph 0158, "the License Generation and Interpretation Service 1907 converts the 
information the user 1919 provides into a rights expression, for example, an 
unsigned license, based on XrML"); and providing the generic representation to a 
manifest generation tool generates the vendor-provided manifest in an extensible Right 
Markup Language (XRML) format based on the requirements (see, Paragraph 0159, 
"The unsigned license is then returned, conveyed, transmitted, and the like, to the user 
1919, and the user 1919 can digitally sign the license."). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to generate, the license of England, using the license 
generation and interpretation service of Lao. This would be beneficial for the user such 
as author of software of England that uses authoring application which does not provide 
a way to specify rights metadata for the content by providing such services with license 
generation and interpretation service (see, Lao, Paragraph 0158) 

The above combination does not explicitly discloses the description including an 
identity of a key file that contains a cryptographic key, wherein providing said identity of 
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the key file eliminates the need to manually insert cryptographic key data into the 
manifest a manifest generation tool that reads the generic representation, retrieves said 
cryptographic key to obtain cryptographic key data for insertion into the manifest. 

Challener discloses description of the specification for the manifest including an 
identity of a key file that contains a cryptographic key, wherein providing said identity of 
the key file eliminates the need to manually insert cryptographic key data into the 
manifest and cryptographic key is included in manifest during manifest generation 
process (see, Column 3, line 62- Column 4, line 13). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to include, in the certificate of the combination of England, 
Jensenworth, and Lao, the public key of the user of the certificate as taught by 
Challenger so that When an application needs to transmit an encrypted message or to 
perform an authentication procedure, encryption/decryption engine 32 accesses the 
user private key pointed to by the application's associated certificate, and then encrypts 
the message or signs a signature utilizing the user private key (see, Challener, Column 
4, lines 8-13). 

Regarding Claim 2, the rejection of claim 1 is incorporated and the combination 
of England, Jensenworth, Lao, and Challener further discloses wherein said MCF 
identifies the acceptable and unacceptable modules, and wherein generating the 
manifest comprises including, in said manifest, the identities of the acceptable and 
unacceptable modules identified in the description (see, England, Column 10, lines 14- 
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25 and Jensenworth, Column 5, lines 50-67 and Column 12, lines 1-9 as combined with 
Lao). 

Regarding Claim 6, the rejection of claim 2 is incorporated and the combination 
of England, Jensenworth, Lao, and Challener further discloses wherein said MCF 
indicates whether said manifest will contain hashes for identifying the unacceptable 
modules (see, Jensenworth, Column 7, lines 33-44). 

Regarding Claim 7, the rejection of claim 1 is incorporated and the combination 
of England, Jensenworth, Lao, and Challener further discloses wherein at least one of 
said acceptable modules comprises a key, and wherein said specification indicates that 
the at least one of said acceptable modules signed with said key may be loaded into 
said address space (see, Column 10, lines 41-51) and wherein generating said manifest 
comprises: retrieving said key from a file identified in said specification; and including 
said key in said manifest (see Challener, Column 3, line 62- Column 4, line 13). 

Regarding Claim 8, the rejection of claim 1 is incorporated and the combination 
of England, Jensenworth, Lao, and Challener further discloses wherein generating said 
manifest comprises: 

Computing a hash of at least one of said unacceptable module and including said 
hash in said manifest (see, Jensenworth, Column 7, lines 33-44). 

Regarding Claim 10, the rejection of claim 1 is incorporated and the combination 
of England, Jensenworth, Lao, and Challener further discloses receiving a key 
associated with at least one of a) a vendor or b) a distributor of said software object; 
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signing said manifest with said key to produce a digital signature; and including said 
digital signature in said manifest (see, Lao, Paragraph 0159). 

Regarding Claims 31 and 32, the rejection of claim 1 is incorporated and the 
combination of England, Jensenworth, Lao, and Challener does not disclose wherein at 
least one of the unacceptable modules is identified in the list by a version number or a 
range of a version numbers. 

However England in the same reference discloses identifying modules in the list 
by a range of version numbers (see, Column 9, lines 20-27). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to identify, in the license of England as modified by 
Jensenworth, unacceptable modules by the range of version numbers as applied by 
England to it's right management certificate so that the same name software can be 
divided into acceptable or unacceptable modules based on the version information. 

Regarding Claim 35, the rejection of claim 1 is incorporated and the combination 
of England, Jensenworth, Lao, and Challener further discloses wherein integrity of said 
address space is further enforced by confining inside said address space each of a) 
said software object, b) data used by said software object, and c) auxiliary code 
modules that are used by said software object (see, England, Column 4, line 16-21, 
Column 16, lines 24-32) 
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Claims 12, 14, 17-19, 21, 23-24, 26-30, and 38-39 are rejected under 35 U.S.C. 
103(a) as being unpatentable over England in view of Lao and further in view of Lai (US 
2005/0044197 AD, hereinafter, "Lai". 

Regarding Claim 12, England discloses a computer-readable storage medium 
encoded with computer-executable instructions to perform a method of generating a 
manifest that governs the execution of a software object distributed by a vendor, the 
method comprising: 

a file containing description of the manifest wherein the description comprises a 
vendor-specified policy configured to preclude loading of a rogue module into an 
address space of a computer in which the software object is to be executed (see, 
Column 18, lines 39-54 and also abstract); 

accessing a manifest based on the file containing description and including in 
said manifest an identification of said executable module and an indication that said 
executable module may be loaded into said address space (see, Column 18, lines 39- 
54, and column 10, lines 14-25). 

England discloses a manifest but does not explicitly disclose generating a file 
containing a high-level description of the manifest using human-readable syntax and 
parsing the file by eliminating at least a portion of the human-readable syntax to 
generate a generic representation of the material contained in the file and finally 
generating a manifest based on the generic representation. 

Lao discloses generating a file containing a high-level description of the manifest 
using human-readable syntax (see, Fig. 19, Numeral 1901, "Rights information" and 
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Paragraph 0158-0159, author accessing license generation and interpretation service 
190 to specify the rights information. Note that the user specify the rights using a GUI 
which are later converted into an unsigned rights expression) and parsing the file to 
generate a generic representation of the material contained in the file and finally 
generating a manifest based on the generic representation (See, Fig. 19, Numeral 
1903, "Rights Expression" and Paragraph 0158, "the License Generation and 
Interpretation Service 1907 converts the information the user 1919 provides into a rights 
expression, for example, an unsigned license, based on XrML"). 

The combination of England and Lao discloses using XrML file but does not 
disclose eliminating at least a portion of human-readable syntax while generating a 
generic representation. 

Lai discloses eliminating at least a portion of human-readable syntax while 
generating a generic representation (see, Paragraph 1192, "In practice, the sensitive 
data in the SOAP messages is typically encrypted and signed with a digital signature to 
support non-repudiation."). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to eliminate, by encrypting the sensitive human readable data 
in the XrML certificate of the combination of England and Lai, as taught by Lai to 
support non-repudiation (see, Lai, Paragraph 1192). 

Regarding Claim 14, the rejection of claim 12 is incorporated and the 
combination of England, Lao and Lai further discloses wherein said rouge module is 
located external to the manifest and is operative to perform an unauthorized operation 
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in said address space of said computer (see, Column 9, lines 16-29 and Column 18, 
lines 39-54). 

Regarding Claim 17, England discloses a method of automating the generation 
of manifest that governs the execution of a software object, the method comprising: 

creating a specification that permits a vendor to specify what may be loaded into 
an address space of the software a computer in which object is to be executed, the 
specification referring to one or more components that are external to the software and 
external to the specification (see, Column 18, lines 39-54 and also abstract); 

including, in a manifest (see, Column 10, lines , 14-25, access predicate + 
license), data from one of said one or more components (see, Column 18, lines 39-54); 
or 

England discloses a manifest but does not explicitly discloses creating a file 
using a high-level description containing human-readable syntax that simplifies the 
describing of the manifest and parsing the file to generate an internal data structure 
representing a substance of the requirements with at least a portion of the human- 
readable syntax removed and using a manifest generation tool that accepts the internal 
data structure and automatically generates therefrom, the manifest. 

Lao discloses creating a file using a high-level description containing human- 
readable syntax that simplifies the describing of the manifest (see, Fig. 19, Numeral 
1901, "Rights information" and Paragraph 0158-0159, author accessing license 
generation and interpretation service 190 to specify the rights information. Note that the 
user specify the rights using a GUI which are later converted into an unsigned rights 
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expression) and parsing the file to generate an internal data structure representing a 
substance of the requirements (See, Fig. 19, Numeral 1903, "Rights Expression" and 
Paragraph 0158, "the License Generation and Interpretation Service 1907 converts the 
information the user 1919 provides into a rights expression, for example, an unsigned 
license, based on XrML") and using a manifest generation tool that accepts the internal 
data structure and automatically generates therefrom, the manifest (see, Paragraph 
0159, "The unsigned license is then returned, conveyed, transmitted, and the like, to the 
user 1919, and the user 1919 can digitally sign the license."). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to generate, the license of England, using the license 
generation and interpretation service of Lao. This would be beneficial for the user such 
as author of software of England that uses authoring application which does not provide 
a way to specify rights metadata for the content by providing such services with license 
generation and interpretation service (see, Lao, Paragraph 0158) 

The combination of England and Lao discloses using XrML file but does not 
disclose eliminating at least a portion of human-readable syntax while generating a 
generic representation. 

Lai discloses eliminating at least a portion of human-readable syntax while 
generating a generic representation (see, Paragraph 1192, "In practice, the sensitive 
data in the SOAP messages is typically encrypted and signed with a digital signature to 
support non-repudiation."). 
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Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to eliminate, by encrypting the sensitive human readable data 
in the XrML certificate of the combination of England and Lai, as taught by Lai to 
support non-repudiation (see, Lai, Paragraph 1192). 

Regarding Claim 18, the rejection of claim 17 is incorporated and the 
combination of England, Lao and Lai further discloses wherein said one or more 
components comprises a module, wherein said file indicates either that said module 
may be loaded into a secure address space or that said module may not be loaded into 
said address space (see, Column 10, lines 14-24 and Column 18, line 55 - Column 19, 
line 9 as modified by Lao and Lai), and wherein said manifest generation tool including 
an identifier of said module in said manifest (see, Column 10, lines 14-24 and Column 
18, line 55 - Column 19, line 9 as modified by Lao and Lai). 

Regarding Claim 19, the rejection of claim 17 is incorporated and the 
combination of England, Lao and Lai further discloses wherein said one or more 
components comprise a key, wherein said file indicates either that modules signed with 
said key may be loaded into a secure address space or that modules signed with said 
key may not be loaded into said address space (see, Column 10, lines 41-51), and 
wherein said manifest generation tool retrieves said key from a location identified in said 
file, and includes a certificate for said key in said manifest (see, Column 8, lines 7-17). 

Regarding Claim 21, the rejection of claim 17 is incorporated and the 
combination of England, Lao and Lai further discloses receiving a key associated with at 
least one of a) a vendor or b) distributor of the software; signing said manifest with said 
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key to produce a digital signature; and including said digital signature in said manifest 
(see, Column 8, lines 7-17). 

Regarding Claim 23, England discloses a system comprising a processor for 
generating a manifest, the system comprising: 

requirements relating to what may be loaded into an address space of a software 
object, said specification referring to one or more components external to said software 
and external to said specification (see, Column 18, lines 39-54 and also abstract); and 

included in said manifest information contained in, or computed based on, said 
one or more components (see, Column 18, lines 39-54), the manifest configured to 
interoperate with a security component (see, Column 8, lines 56-65, Column 9, lines 11- 
15, "DDMOS") that imposes a permeable barrier for selectively allowing acceptable 
modules to be loaded into the software space of the software object and blocking 
unacceptable modules from being loaded into the software space thereby preventing 
unauthorized tampering of the one or more components (see, Column 8, lines 56-65, 
Column 9, lines 11-15, "DDMOS" and also see abstract). 

England does not explicitly disclose a first parser implemented on the processor, 
the first parser configured to receive a manifest specification in a human-readable 
syntax indicative of requirements for a manifest, the first parser generating therefrom, a 
generic representation of said requirements by removing at least a portion of the 
human-readable syntax, 

Lao discloses disclose a first parser implemented on the processor, the first 
parser configured to receive a manifest specification in a human-readable syntax 
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indicative of requirements for a manifest (see, Fig. 1 9, Numeral 1 901 , "Rights 
information" and Paragraph 0158-0159, author accessing license generation and 
interpretation service 190 to specify the rights information. Note that the user specify the 
rights using a GUI which are later converted into an unsigned rights expression), the 
first parser generating therefrom, a generic representation of said requirements (See, 
Fig. 19, Numeral 1903, "Rights Expression" and Paragraph 0158, "the License 
Generation and Interpretation Service 1907 converts the information the user 1919 
provides into a rights expression, for example, an unsigned license, based on XrML"). 

The combination of England and Lao discloses using XrML file but does not 
disclose eliminating at least a portion of human-readable syntax while generating a 
generic representation. 

Lai discloses eliminating at least a portion of human-readable syntax while 
generating a generic representation (see, Paragraph 1192, "In practice, the sensitive 
data in the SOAP messages is typically encrypted and signed with a digital signature to 
support non-repudiation."). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to eliminate, by encrypting the sensitive human readable data 
in the XrML certificate of the combination of England and Lai, as taught by Lai to 
support non-repudiation (see, Lai, Paragraph 1192). 

Regarding Claim 24, the rejection of claim 23 is incorporated and the 
combination of England, Lao and Lai further discloses wherein said one or more 
components comprise a module, and wherein said first manifest generator generates 
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said manifest by including, in said manifest, a datum that identifies said module (see, 
Column 10, lines 14-25). 

Regarding Claim 26, the rejection of claim 23 is incorporated and the 
combination of England, Lao and Lai further discloses wherein said one or more 
components comprise a key, wherein said specification indicates either that acceptable 
modules signed with said key may be loaded into said address space or that 
unacceptable modules signed with said key may not be loaded into said address space 
(see, Column 10, lines 14-24 and Column 18, line 55 - Column 19, line 9), and wherein 
said first manifest generator retrieves said key from a file identified in said specification 
and includes said key in said manifest (see, Column 8, lines 7-17). 

Regarding Claim 27, the rejection of claim 23 is incorporated and the 
combination of England, Lao and Lai further discloses wherein said first manifest 
generator generates a digital signature for said manifest by signing said manifest with a 
key associated with a vendor or distributor of said software object, and includes said 
digital signature in said manifest (see, Olsen, Column 10, lines 12-30).. 

Regarding Claim 29, the rejection of claim 23 is incorporated and the 
combination of England, Lao and Lai further discloses a second parser that receives a 
manifest specification indicative of requirements for a manifest, the second parser 
generating a representation of said requirements in the same format as said first parser 
(see, Column 18, line 55- Column 19, line 1), wherein said first parser parses 
specifications in a first format and second parser parses specifications in a second 
format different from said first format, and wherein first manifest generator generates 
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said manifest based on a representation produced either by said first parser or said 
second parser (see, Column 19, lines 45-53). 

Regarding Claim 30, the rejection of claim 23 is incorporated and the 
combination of England, Lao and Lai further discloses a second manifest generator that 
generates a manifest based on said representation, wherein said first manifest 
generator generates a manifest in a first format and second manifest generator 
generates a manifest in a second format different from said first format (see, Column 
19, lines 54-61 and Lao, Paragraph 0159). 

Regarding Claims 38 and 39, the rejections of claims 12 and 17 are 
incorporated and the combination of England, Lao and Lai further discloses 

wherein said file is written in a Manifest Configuration File (MCF) format (see, 
Lao, Fig. 19, Numeral 1901, "Rights information" and Paragraph 0158-0159, author 
accessing license generation and interpretation service 190 to specify the rights 
information. Note that the user specify the rights using a GUI which are later converted 
into an unsigned rights expression), and wherein said manifest is generated in 
extensible Rights Markup Language (XRML) format (See Lao, Fig. 19, Numeral 1903, 
"Rights Expression" and Paragraph 0158, "the License Generation and Interpretation 
Service 1907 converts the information the user 1919 provides into a rights expression, 
for example, an unsigned license, based on XrML"). 



Claims 25 and 33-34 are rejected under 35 U.S.C. 103(a) as being unpatentable 



over England in view of Lao and Lai and further in view of Jensenworth 
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Regarding Claim 25, the rejection of claim 24 is incorporated and the 
combination of England, Lao and Lai does not explicitly disclose wherein said datum 
comprises a hash of said module. 

Jensenworth discloses datum comprising a hash of said module (see, 
Jensenworth, Column 7, lines 33-44). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to include, in the certificate of England, a datum comprising a 
hash of said module as taught by Jensenworth so that the hash included in the license 
can be matched with the hash of the application prior to granting access to the 
application. 

Regarding Claim 33, the rejection of claim 12 is incorporated and the England 
discloses wherein identity of an unacceptable module that is unconditionally barred from 
being executed in the address space of the software object (see, England, Column 9, 
lines 1 1-29 and abstract). However, England does not explicitly disclose the list of 
unacceptable modules to be included in the license. 

However, Jensenworth discloses a manifest comprising the list of unacceptable 
modules (see, Column 5, lines 50-67 and Column 12, lines 1-9). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to include, in the license of England, a list of unacceptable 
modules so that the access to the content of England can be barred explicitly from 
these unacceptable modules. 
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Regarding Claim 34, the rejection of claim 33 is incorporated and the 
combination of England, Lao, Lai and Jensenworth further discloses wherein the 
unacceptable module is identified in the policy by a hash identifier (see, Jensenworth, 
Column 7, lines 33-44). 

Claims 36 and 37 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over England in view of in view of Jensenworth, Lao, Challener and further in view of 
Lai. 

Regarding Claim 36, the rejection of claim 1 is incorporated and the combination 
of England, Jensenworth, Lao, and Challener further discloses wherein said MCF is an 
MCF file containing a high-level description using human-readable syntax (see Lao, Fig. 
19, Numeral 1901, "Rights information" and Paragraph 0158-0159, author accessing 
license generation and interpretation service 190 to specify the rights information. Note 
that the user specify the rights using a GUI which are later converted into an unsigned 
rights expression). The combination however does not explicitly disclose wherein 
parsing the MCF to create a generic representation comprises removing at least a 
portion of the human-readable syntax. 

Lai discloses eliminating at least a portion of human-readable syntax while 
generating a generic representation (see, Paragraph 1192, "In practice, the sensitive 
data in the SOAP messages is typically encrypted and signed with a digital signature to 
support non-repudiation."). 



Application/Control Number: 10/658,149 Page 20 

Art Unit: 2435 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to eliminate, by encrypting the sensitive human readable data 
in the XrML certificate of the combination of England and Lai, as taught by Lai to 
support non-repudiation (see, Lai, Paragraph 1192). 

Regarding Claim 37, the rejection of claim 36 is incorporated and the 
combination of England, Jensenworth, Lao, Challener, and Lai further discloses wherein 
removing at least a portion of the human- readable syntax comprises removing all 
human-readable syntax from the MCF (see, Lai, Paragraph 1 192). 

Claim 1 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over England 
in view of Jensenworth, Lao, Challener and further in view of Watanabe et al. (US 
2002/0108041 AD, hereinafter Watanabe. 

Regarding Claims 11, the rejections of claim 1 is incorporated and the 
combination of England, Jensenworth, Lao, and Challener discloses signing a manifest 
using the private key of the vendor or distributor. The combination does not explicitly 
discloses using hardware security module to sign manifest, said hardware security 
module being adapted to apply a key associated with a vendor or distributor of said 
software object without revealing said key outside said hardware security module. 

However, Watanabe, in the same field of endeavor of cryptography, discloses 
signing digital document with private key of the signing party without revealing private 
key outside hardware security module (Paragraph 0195, One of the approaches to 
solve the problems of security assurance and enhanced computing speed is the use of 
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a hardware security module (HSM) in holding the signature keys (or private keys) and 
executing signature processing.") 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to use in the system of England, during a creation of 
cryptographic envelopes, use a hardware security module, as taught by Watanabe to 
provider highly temper resistant and security for the private key of the vendor 
(Watanabe, Paragraph 0195) 

Claim 22 is rejected under 35 U.S.C. 103(a) as being unpatentable over England 
in view of Lao and Lai and further in view of Watanabe. 

Regarding Claims 22, the rejections of claim 17 is incorporated and the 
combination of England, Lao and Lai further discloses signing a manifest using the 
private key of the vendor or distributor. The combination does not explicitly discloses 
using hardware security module to sign manifest, said hardware security module being 
adapted to apply a key associated with a vendor or distributor of said software object 
without revealing said key outside said hardware security module. 

However, Watanabe, in the same field of endeavor of cryptography, discloses 
signing digital document with private key of the signing party without revealing private 
key outside hardware security module (Paragraph 0195, One of the approaches to 
solve the problems of security assurance and enhanced computing speed is the use of 
a hardware security module (HSM) in holding the signature keys (or private keys) and 
executing signature processing.") 
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Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to use in the system of England, during a creation of 
cryptographic envelopes, use a hardware security module, as taught by Watanabe to 
provider highly temper resistant and security for the private key of the vendor 
(Watanabe, Paragraph 0195). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to YOGESH PALIWAL whose telephone number is 
(571 )270-1 807. The examiner can normally be reached on M-F: 7:30 AM - 5:00 PM 
EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Y. P.I 

Examiner, Art Unit 2435 
/Kimyen Vu/ 

Supervisory Patent Examiner, Art Unit 2435 



